How to protect server from being tagged - Urgent help needed
| I am running win 2003 server. I recently was tagged and I believe that I have
cleaned up the server and all the illegal software that was on it. Is there a
sure fire way of protecting the server from not being tagged again.
| |
| Ken Schaefer 2004-09-09, 2:48 am |
| "Barry" <Barry@discussions.microsoft.com> wrote in message
news:66DC81CA-F6F7-4358-915C-4AD81249365E@microsoft.com...
>I am running win 2003 server. I recently was tagged and I believe that I
>have
> cleaned up the server and all the illegal software that was on it. Is
> there a
> sure fire way of protecting the server from not being tagged again.
The only "sure fire" way is to turn the server off.
You need to work out how your server was compromised. For example, did you
fail to install all the latest patches? Did you have a weak password that
someone might have guessed etc?
If:
a) you install all the latest patches
b) you do not enable functionality that you don't need
c) you do not have weak passwords
d) you use a firewall to prevent connections to services that people
shouldn't connect to (eg telnet server, or SMB, or RPC etc)
then it is unlikely that anyone can hack your box.
Cheers
Ken
| |
|
| Ken,
do you know of any articles about securing the server. I have done a lot of
reading on it so far. I have also run MBSA and locked it down. I have also
restricted all web access to IUSER(read and or list) and administrator(full)
full rights. Also all patches have been applied..passwords have all been
changed and are now strong according to MBSA. Any additional help would be
good.
Barry
"Ken Schaefer" <kenREMOVE@THISadOpenStatic.com> wrote in message
news:%23gPC%23ZilEHA.3712@TK2MSFTNGP15.phx.gbl...
> "Barry" <Barry@discussions.microsoft.com> wrote in message
> news:66DC81CA-F6F7-4358-915C-4AD81249365E@microsoft.com...
>
> The only "sure fire" way is to turn the server off.
>
> You need to work out how your server was compromised. For example, did you
> fail to install all the latest patches? Did you have a weak password that
> someone might have guessed etc?
>
> If:
> a) you install all the latest patches
> b) you do not enable functionality that you don't need
> c) you do not have weak passwords
> d) you use a firewall to prevent connections to services that people
> shouldn't connect to (eg telnet server, or SMB, or RPC etc)
> then it is unlikely that anyone can hack your box.
>
> Cheers
> Ken
>
| |
| Ken Schaefer 2004-09-09, 2:48 am |
| You should probably look here:
http://www.microsoft.com/technet/security/default.mspx
Go to the product section, and check out: (a) the IIS section and (b) the
Windows 2003 Server section
Cheers
Ken
"Barry" <support@pcez.ca> wrote in message
news:%23VC4viilEHA.3452@TK2MSFTNGP15.phx.gbl...
> Ken,
> do you know of any articles about securing the server. I have done a lot
> of reading on it so far. I have also run MBSA and locked it down. I have
> also restricted all web access to IUSER(read and or list) and
> administrator(full) full rights. Also all patches have been
> applied..passwords have all been changed and are now strong according to
> MBSA. Any additional help would be good.
> Barry
>
>
> "Ken Schaefer" <kenREMOVE@THISadOpenStatic.com> wrote in message
> news:%23gPC%23ZilEHA.3712@TK2MSFTNGP15.phx.gbl...
>
>
| |
| David Wang [Msft] 2004-09-10, 2:48 am |
| Did you reformat and rebuild the server -- i.e. are you sure that the hacker
did not plant a back door or alter system binaries such that the back door
is not easily detected, etc.?
Without extensive knowledge of "what happened", it would be wise to rebuild
the server and fortify it from scratch. Unless you enjoy being tagged again
even after you do all this work because they had a back door on the server
and easily circumvented all your security schemes...
Did you actually lock down all the services you opened on the server? What
about third-party software/servers that you installed?
--
//David
IIS
This posting is provided "AS IS" with no warranties, and confers no rights.
//
"Barry" <Barry@discussions.microsoft.com> wrote in message
news:66DC81CA-F6F7-4358-915C-4AD81249365E@microsoft.com...
I am running win 2003 server. I recently was tagged and I believe that I
have
cleaned up the server and all the illegal software that was on it. Is there
a
sure fire way of protecting the server from not being tagged again.
| |
| Jeff Cochran 2004-09-10, 5:53 pm |
| On Wed, 8 Sep 2004 21:21:04 -0700, "Barry"
<Barry@discussions.microsoft.com> wrote:
>I am running win 2003 server. I recently was tagged and I believe that I have
>cleaned up the server and all the illegal software that was on it. Is there a
>sure fire way of protecting the server from not being tagged again.
Obvious is elimination of anonymous access to FTP if you allowed it.
But if you were exploited through some other unknown means, you should
flatten the box and rebuild from scratch, paying attention to
security. When you don't know the attack vector, you can't verify
that there are no back doors on your system that make it easy to
bypass any security changes you make.
Jeff
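
Added example (not part of Jeff's post or of the thread): one way to check FTP service logs for the pattern behind tagging, namely an anonymous session that successfully creates directories or files. The log layout (`time c-ip cs-method cs-uri-stem sc-status` with a `[session]VERB` method field), the verb names, and every sample line are assumptions constructed for illustration; adjust them to the fields your server actually logs.

```python
import re
from collections import defaultdict

# Constructed sample in a W3C-extended style FTP log (assumed field order).
# Addresses are documentation ranges; none of this comes from the thread.
SAMPLE_LOG = """\
#Fields: time c-ip cs-method cs-uri-stem sc-status
04:10:01 192.0.2.15 [1]USER anonymous 331
04:10:01 192.0.2.15 [1]PASS guest@example.invalid 230
04:10:05 192.0.2.15 [1]MKD /pub/~tmp 257
04:10:09 192.0.2.15 [1]created /pub/~tmp/1.bin 226
04:11:30 198.51.100.7 [2]USER webmaster 331
04:11:31 198.51.100.7 [2]PASS - 230
04:11:40 198.51.100.7 [2]created /site/index.htm 226
04:12:02 203.0.113.9 [3]USER anonymous 331
04:12:02 203.0.113.9 [3]PASS a@b.invalid 230
04:12:06 203.0.113.9 [3]sent /pub/readme.txt 226
04:12:10 203.0.113.9 [3]MKD /pub/x 550
"""

# time, client IP, [session id], verb, argument (may contain spaces), status
LINE = re.compile(r"^(\S+) (\S+) \[(\d+)\](\S+) (.*) (\d{3})$")
WRITE_VERBS = {"MKD", "CREATED", "DELE", "RMD"}   # assumed verb names
ANON_NAMES = {"anonymous", "ftp"}

def anonymous_writes(log_text):
    """Return {client_ip: [(time, verb, path), ...]} for write operations
    that succeeded (2xx) in sessions that logged in as an anonymous user."""
    session_user = {}               # (ip, session id) -> user name given
    hits = defaultdict(list)
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:                   # skips '#' header lines and blanks
            continue
        time, ip, sid, verb, arg, status = m.groups()
        key, verb = (ip, sid), verb.upper()
        if verb == "USER":
            session_user[key] = arg.lower()
        elif (verb in WRITE_VERBS and status.startswith("2")
              and session_user.get(key) in ANON_NAMES):
            hits[ip].append((time, verb, arg))
    return dict(hits)

if __name__ == "__main__":
    for ip, events in anonymous_writes(SAMPLE_LOG).items():
        print(ip, events)
```

Any hit means anonymous write access was in effect at that time; failed attempts (the `550` line) and authenticated uploads are deliberately not reported.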
| |
| Barry 2004-09-15, 10:34 am |
| I am sure that I left the ftp open to everyone by mistake...
I have also had my isp watching the server for any spikes in bandwidth and
there has been none for 3 months...but I just want to make sure.
Also,
are there any security flaws if I enable FrontPage web extensions?
"Barry" <Barry@discussions.microsoft.com> wrote in message
news:66DC81CA-F6F7-4358-915C-4AD81249365E@microsoft.com...
>I am running win 2003 server. I recently was tagged and I believe that I
>have
> cleaned up the server and all the illegal software that was on it. Is
> there a
> sure fire way of protecting the server from not being tagged again.